Auth0 Set up
Auth0 is a cloud based solution to add authentication and authorization services to your applications.
In this tutorial, you will learn how to setup Auth0 to use it for securing your web applications, REST services, and mobile apps.
Follow the steps below to setup Auth0 for securing your applications:
Create a Tenant and Domain
A tenant is a business that has a collection of users who share similar access with specific privileges.
An Auth0 tenant is the starting point for everything. This is where you set up your Auth0 account, as well as where you create, manage, and store Auth0 assets including applications, connections, and user profiles.
To create a Tenant, we need to have an Auth0 account. Sign up for an Auth0 account at https://auth0.com/signup if you haven't already.
We can access, create new, create associated Auth0 tenants from the Auth0 Dashboard.
To create a Tenant, do the following:
- If you're a first-time user, you'll be prompted to create a tenant after you've made an account; otherwise, you can use the dropdown menu on the top navigation bar to create a new tenant. You should see New Tenant window like the following:
- Enter tenant name of your choice in the tenant-name field. The name you give to your tenant becomes your Auth0 domain that will be used as the base URL to access Auth0's API, as well as the URL to which your users will be redirected for authentication. The tenant name cannot be modified once it has been created. Once a tenant's name has been deleted, it cannot be modified or reused. So, before you create your Auth0 tenants, make sure you like the name(s).
- Choose Region. Auth0 currently supports US, EU, AU, and JP as locality subdomains.
- You can create many tenants for each environment you have, such as development, staging, or production.
For this example, let dev-buddy be the tenant name, US be the region, and Development be the environment. So the domain name is dev-buddy.us.auth0.com.
In production environments, we recommend using custom domains like example.com to give your consumers the most secure and smooth experience possible. However, this comes with an additional cost. You can deploy your custom domain in AWS or cloud managed by Auth0.
Create and Register Applications
Now, that you have a tenant, you'll need to register each application that will be using the Auth0 services. In Auth0, an application can be a native app for a mobile device, a single-page web app for a browser, or a regular web application for a server.To create Application, do the following:
- Go to Applications from the Auth0 Dashboard and choose Create Application.
- Enter application name of your choice in the name field.
- Choose Machine to Machine Applications for the application type. This application type is for our backend application. You must create an additional application of Single Page Web Application or Regular Web Application application type for your frontend applications.
- Choose Create.
- In the next step, select an API from the dropdown list to authorize invocation from our backend application.
- Select all Permission and click the Authorize button.
- Go to Application Settings and look for Domain, Client ID, and Client Secret to use in your backend application.
Note: Do not use any Machine to Machine application type credentials in frontend or mobile applications.